CNCF Ensures Kubernetes Interoperability with a New Cert Program

The Cloud Native Computing Foundation has introduced the new certification program to help ensure cloud providers and other services vendors remain compatible with one another as the popular container orchestration project takes hold of the industry. The Certified Kubernetes Program offers innovative options to encourage flexibility and continued interoperability with older versions of the orchestration layer, while also keeping vendors up to date with the latest and greatest additions.

Dan Kohn, executive director of the Cloud Native Computing Foundation, called this the most significant announcement yet made by the Foundation around the open source Kubernetes container orchestration engine, which is the company flagship project.

The program “gives enterprise organizations the confidence that workloads that run on any Certified Kubernetes Distribution or Platform will work correctly on any other version,” Kohn said. “The interoperability that this program ensures is essential to Kubernetes meeting its promise of offering a single open source software stack supported by many vendors that can deploy on any public, private or hybrid cloud.”

The CNCF Certified Kubernetes Program now extends over 20 implementations of the platform. Companies like Docker IBM, Red Hat, Microsoft, Oracle, and Huawei signified their support of this program, among others.

The CNCF will require platforms to certify against at least one of the four versions released every year, ensuring they are at least updating their offerings at least once a year. Additional older implementations can also continue to be certified, but only if a newer version is also certified.

“When you certify a version of Kubernetes,” said Kohn, “It’s good for one year. You could certify version 1.7 now, but if you also certify 1.8 or 1.9, your 1.7 stays certified. If you fall off the Kubernetes release train entirely, and say 1.8 does everything a customer needs, after a year that version of your software is no longer certified Kubernetes.”

“We’re really trying to work with the vendors here and be supportive of the fact that users want to run older software, particularly in finance,” said Kohn. “You can literally certify it forever as long as you also are certifying one version per year. You can do 1.7 and then there’s a new version every three months. You could certify 1.11, 1.15, and then 1.7, it just has to be one release from each year.”

Under the covers, this certification program and testing regime extend only to the external facing APIs if Kubernetes. Internal APIs and code may be changed at will based on the distributors’ needs. Kohn said that this was designed to allow flexibility. He said that allowing distributors to modify the internal workings of Kubernetes ensures they can mold it to meet the needs of their infrastructure while certifying the external APIs will keep user applications compatible across implementations.

Kohn said the certification project kicked off six months ago and was an intense process. He added that it was a remarkable amicable process as well, with vendor members diving into the work with little argument.

Why certify Kubernetes? Kohn did not say that anyone had gone about changing Kubernetes external APIs yet, but he did say that one vendor had turned off APIs it felt were not needed by its customers. Since then, however, they have turned those APIs back on at the CNCF’s request.

He also added that the once-per-year certification is not just a tactic to keep people’s implementations current for users. It’s also a security measure, as security features are back-ported only to the past three versions of Kubernetes.

Kohn also said that the Kubernetes project and the CNCF have benefited from being somewhat late to the digital standards game. “We get a benefit from coming later and learning some of the lessons from the past. There’s been a shocking lack of unhappiness around this. I wasn’t quite sure for this launch how many of our vendors would be able to get into the launch announcement, but we’ve been thrilled as we’ve had almost everybody be able to step up.”

The following products have passed the Certified Kubernetes conformance program: